Security News

Former Uber CSO found guilty of obstruction in attempted data breach cover-up. Former Uber Chief Security Officer Joe Sullivan has been found guilty of criminal obstruction for attempting to conceal a 2016 data breach of tens of millions of customer and driver records.

Joe Sullivan, who was Chief Security Officer at Uber from 2015 to 2017, has been convicted in a US federal court of covering up a data breach at the company in 2016. We first wrote about the breach behind this widely-watched court case back in November 2017, when news about it orignally emerged.

Joe Sullivan, the former Chief Security Officer of Uber, has been convicted of obstruction of proceedings of the Federal Trade Commission and misprision of felony in connection with the attempted cover-up of the hack Uber suffered in 2016. "In the wake of that disclosure, the FTC's Division of Privacy and Identity Protection embarked on an investigation of Uber's data security program and practices. In May 2015, the month after Sullivan was hired, the FTC served a detailed Civil Investigative Demand on Uber, which demanded both extensive information about any other instances of unauthorized access to user personal information, and information regarding Uber's broader data security program and practices."

A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. "We expect those companies to protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught."

Joe Sullivan, Uber's former chief security officer, has been found guilty of illegally covering up the theft of Uber drivers and customers' personal information. Sullivan, previously a cybercrime prosecutor for the US Department of Justice, was charged two years ago with obstruction of justice and misprision - concealing a felony from law enforcement.

As we mentioned back in March lapsus is as good a modern Latin word as any for "Data breach", and the trailing dollar sign signifies both financial value and programming, being the traditional way of denoting that BASIC variable is a text string, not a number. Okta, a 2FA service provider, was another high-profile victim, where the hackers acquired RDP access to an support techie's computer, and were therefore able to access a wide range of Okta's internal systems as if they were logged in directly to Okta's own network.

The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking."On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "He remains in police custody."

The City of London police announced on Twitter today the arrest of a British 17-year-old teen suspected of being involved in recent cyberattacks. While there are no details about the investigation, the arrest is believed to be tied to the Lapsus$ hacking group, which is suspected to be behind recent cyberattacks on Uber, Rockstar Games, and 2K. During last year's attacks, the Lapsus$ hacking group was said to be led by a threat actor named 'White' or 'BreachBase,' who was doxxed as allegedly a 16-year-old teen from the UK. This hacking group is responsible for numerous high-profile attacks, including Microsoft, Cisco, NVIDIA, Samsung, and Okta.

DUCK. Yes, Uber has come out with a follow up report, and it seems that they're suggesting that a hacking group like LAPSUS$ was responsible. Just because you have those that's a security gate, but it's not the end-all and be-all to keeping someone out.

Uber exposes Lapsus$ extortion group for security breach. Uber has laid the blame for its recent security breach at the feet of Lapsus$, a cybercrime group that uses social engineering to target technology firms and other organizations.